1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2018-2020, Linaro Limited 4 */ 5 6 #include <assert.h> 7 #include <compiler.h> 8 #include <tee_api_defines.h> 9 #include <tee_internal_api.h> 10 #include <tee_internal_api_extensions.h> 11 12 #include "attributes.h" 13 #include "pkcs11_helpers.h" 14 #include "pkcs11_token.h" 15 #include "processing.h" 16 #include "serializer.h" 17 18 bool processing_is_tee_asymm(uint32_t proc_id) 19 { 20 switch (proc_id) { 21 /* RSA flavors */ 22 case PKCS11_CKM_RSA_PKCS: 23 case PKCS11_CKM_RSA_PKCS_OAEP: 24 case PKCS11_CKM_RSA_PKCS_PSS: 25 case PKCS11_CKM_MD5_RSA_PKCS: 26 case PKCS11_CKM_SHA1_RSA_PKCS: 27 case PKCS11_CKM_SHA224_RSA_PKCS: 28 case PKCS11_CKM_SHA256_RSA_PKCS: 29 case PKCS11_CKM_SHA384_RSA_PKCS: 30 case PKCS11_CKM_SHA512_RSA_PKCS: 31 case PKCS11_CKM_SHA1_RSA_PKCS_PSS: 32 case PKCS11_CKM_SHA224_RSA_PKCS_PSS: 33 case PKCS11_CKM_SHA256_RSA_PKCS_PSS: 34 case PKCS11_CKM_SHA384_RSA_PKCS_PSS: 35 case PKCS11_CKM_SHA512_RSA_PKCS_PSS: 36 /* EC flavors */ 37 case PKCS11_CKM_EDDSA: 38 case PKCS11_CKM_ECDSA: 39 case PKCS11_CKM_ECDH1_DERIVE: 40 case PKCS11_CKM_ECDSA_SHA1: 41 case PKCS11_CKM_ECDSA_SHA224: 42 case PKCS11_CKM_ECDSA_SHA256: 43 case PKCS11_CKM_ECDSA_SHA384: 44 case PKCS11_CKM_ECDSA_SHA512: 45 return true; 46 default: 47 return false; 48 } 49 } 50 51 static enum pkcs11_rc 52 pkcs2tee_algorithm(uint32_t *tee_id, uint32_t *tee_hash_id, 53 enum processing_func function __unused, 54 struct pkcs11_attribute_head *proc_params, 55 struct pkcs11_object *obj) 56 { 57 static const struct { 58 enum pkcs11_mechanism_id mech_id; 59 uint32_t tee_id; 60 uint32_t tee_hash_id; 61 } pkcs2tee_algo[] = { 62 /* RSA flavors */ 63 { PKCS11_CKM_RSA_PKCS, TEE_ALG_RSAES_PKCS1_V1_5, 0 }, 64 { PKCS11_CKM_RSA_PKCS_OAEP, 1, 0 }, 65 { PKCS11_CKM_RSA_PKCS_PSS, 1, 0 }, 66 { PKCS11_CKM_MD5_RSA_PKCS, TEE_ALG_RSASSA_PKCS1_V1_5_MD5, 67 TEE_ALG_MD5 }, 68 { PKCS11_CKM_SHA1_RSA_PKCS, TEE_ALG_RSASSA_PKCS1_V1_5_SHA1, 69 TEE_ALG_SHA1 }, 70 { PKCS11_CKM_SHA224_RSA_PKCS, TEE_ALG_RSASSA_PKCS1_V1_5_SHA224, 71 TEE_ALG_SHA224 }, 72 { PKCS11_CKM_SHA256_RSA_PKCS, TEE_ALG_RSASSA_PKCS1_V1_5_SHA256, 73 TEE_ALG_SHA256 }, 74 { PKCS11_CKM_SHA384_RSA_PKCS, TEE_ALG_RSASSA_PKCS1_V1_5_SHA384, 75 TEE_ALG_SHA384 }, 76 { PKCS11_CKM_SHA512_RSA_PKCS, TEE_ALG_RSASSA_PKCS1_V1_5_SHA512, 77 TEE_ALG_SHA512 }, 78 { PKCS11_CKM_SHA1_RSA_PKCS_PSS, 79 TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1, TEE_ALG_SHA1 }, 80 { PKCS11_CKM_SHA224_RSA_PKCS_PSS, 81 TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224, TEE_ALG_SHA224 }, 82 { PKCS11_CKM_SHA256_RSA_PKCS_PSS, 83 TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256, TEE_ALG_SHA256 }, 84 { PKCS11_CKM_SHA384_RSA_PKCS_PSS, 85 TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384, TEE_ALG_SHA384 }, 86 { PKCS11_CKM_SHA512_RSA_PKCS_PSS, 87 TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512, TEE_ALG_SHA512 }, 88 /* EC flavors (Must find key size from the object) */ 89 { PKCS11_CKM_ECDSA, 1, 0 }, 90 { PKCS11_CKM_ECDSA_SHA1, 1, TEE_ALG_SHA1 }, 91 { PKCS11_CKM_ECDSA_SHA224, 1, TEE_ALG_SHA224 }, 92 { PKCS11_CKM_ECDSA_SHA256, 1, TEE_ALG_SHA256 }, 93 { PKCS11_CKM_ECDSA_SHA384, 1, TEE_ALG_SHA384 }, 94 { PKCS11_CKM_ECDSA_SHA512, 1, TEE_ALG_SHA512 }, 95 { PKCS11_CKM_ECDH1_DERIVE, 1, 0 }, 96 { PKCS11_CKM_EDDSA, TEE_ALG_ED25519, 0 }, 97 }; 98 size_t n = 0; 99 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 100 101 for (n = 0; n < ARRAY_SIZE(pkcs2tee_algo); n++) { 102 if (pkcs2tee_algo[n].mech_id == proc_params->id) { 103 *tee_id = pkcs2tee_algo[n].tee_id; 104 *tee_hash_id = pkcs2tee_algo[n].tee_hash_id; 105 break; 106 } 107 } 108 109 if (n == ARRAY_SIZE(pkcs2tee_algo)) 110 return PKCS11_RV_NOT_IMPLEMENTED; 111 112 switch (proc_params->id) { 113 case PKCS11_CKM_RSA_PKCS_PSS: 114 case PKCS11_CKM_SHA1_RSA_PKCS_PSS: 115 case PKCS11_CKM_SHA224_RSA_PKCS_PSS: 116 case PKCS11_CKM_SHA256_RSA_PKCS_PSS: 117 case PKCS11_CKM_SHA384_RSA_PKCS_PSS: 118 case PKCS11_CKM_SHA512_RSA_PKCS_PSS: 119 rc = pkcs2tee_algo_rsa_pss(tee_id, proc_params); 120 break; 121 case PKCS11_CKM_RSA_PKCS_OAEP: 122 rc = pkcs2tee_algo_rsa_oaep(tee_id, tee_hash_id, proc_params); 123 break; 124 case PKCS11_CKM_ECDSA: 125 case PKCS11_CKM_ECDSA_SHA1: 126 case PKCS11_CKM_ECDSA_SHA224: 127 case PKCS11_CKM_ECDSA_SHA256: 128 case PKCS11_CKM_ECDSA_SHA384: 129 case PKCS11_CKM_ECDSA_SHA512: 130 rc = pkcs2tee_algo_ecdsa(tee_id, proc_params, obj); 131 break; 132 case PKCS11_CKM_ECDH1_DERIVE: 133 rc = pkcs2tee_algo_ecdh(tee_id, proc_params, obj); 134 break; 135 default: 136 rc = PKCS11_CKR_OK; 137 break; 138 } 139 140 /* 141 * PKCS#11 uses single mechanism CKM_RSA_PKCS for both ciphering and 142 * authentication whereas GPD TEE expects TEE_ALG_RSAES_PKCS1_V1_5 for 143 * ciphering and TEE_ALG_RSASSA_PKCS1_V1_5 for authentication. 144 */ 145 if (*tee_id == TEE_ALG_RSAES_PKCS1_V1_5 && 146 (function == PKCS11_FUNCTION_SIGN || 147 function == PKCS11_FUNCTION_VERIFY)) 148 *tee_id = TEE_ALG_RSASSA_PKCS1_V1_5; 149 150 return rc; 151 } 152 153 static enum pkcs11_rc pkcs2tee_key_type(uint32_t *tee_type, 154 struct pkcs11_object *obj, 155 enum processing_func function) 156 { 157 enum pkcs11_class_id class = get_class(obj->attributes); 158 enum pkcs11_key_type type = get_key_type(obj->attributes); 159 160 switch (class) { 161 case PKCS11_CKO_PUBLIC_KEY: 162 case PKCS11_CKO_PRIVATE_KEY: 163 break; 164 default: 165 TEE_Panic(class); 166 break; 167 } 168 169 switch (type) { 170 case PKCS11_CKK_EC: 171 if (class == PKCS11_CKO_PRIVATE_KEY) { 172 if (function == PKCS11_FUNCTION_DERIVE) 173 *tee_type = TEE_TYPE_ECDH_KEYPAIR; 174 else 175 *tee_type = TEE_TYPE_ECDSA_KEYPAIR; 176 } else { 177 if (function == PKCS11_FUNCTION_DERIVE) 178 *tee_type = TEE_TYPE_ECDH_PUBLIC_KEY; 179 else 180 *tee_type = TEE_TYPE_ECDSA_PUBLIC_KEY; 181 } 182 break; 183 case PKCS11_CKK_RSA: 184 if (class == PKCS11_CKO_PRIVATE_KEY) 185 *tee_type = TEE_TYPE_RSA_KEYPAIR; 186 else 187 *tee_type = TEE_TYPE_RSA_PUBLIC_KEY; 188 break; 189 case PKCS11_CKK_EC_EDWARDS: 190 if (class == PKCS11_CKO_PRIVATE_KEY) 191 *tee_type = TEE_TYPE_ED25519_KEYPAIR; 192 else 193 *tee_type = TEE_TYPE_ED25519_PUBLIC_KEY; 194 break; 195 default: 196 TEE_Panic(type); 197 break; 198 } 199 200 return PKCS11_CKR_OK; 201 } 202 203 static enum pkcs11_rc 204 allocate_tee_operation(struct pkcs11_session *session, 205 enum processing_func function, 206 struct pkcs11_attribute_head *params, 207 struct pkcs11_object *obj) 208 { 209 uint32_t size = (uint32_t)get_object_key_bit_size(obj); 210 uint32_t algo = 0; 211 uint32_t hash_algo = 0; 212 uint32_t mode = 0; 213 uint32_t hash_mode = 0; 214 TEE_Result res = TEE_ERROR_GENERIC; 215 struct active_processing *processing = session->processing; 216 217 assert(processing->tee_op_handle == TEE_HANDLE_NULL); 218 assert(processing->tee_hash_op_handle == TEE_HANDLE_NULL); 219 220 if (pkcs2tee_algorithm(&algo, &hash_algo, function, params, obj)) 221 return PKCS11_CKR_FUNCTION_FAILED; 222 223 pkcs2tee_mode(&mode, function); 224 225 if (hash_algo) { 226 pkcs2tee_mode(&hash_mode, PKCS11_FUNCTION_DIGEST); 227 228 res = TEE_AllocateOperation(&processing->tee_hash_op_handle, 229 hash_algo, hash_mode, 0); 230 if (res) { 231 EMSG("TEE_AllocateOp. failed %#"PRIx32" %#"PRIx32, 232 hash_algo, hash_mode); 233 234 if (res == TEE_ERROR_NOT_SUPPORTED) 235 return PKCS11_CKR_MECHANISM_INVALID; 236 return tee2pkcs_error(res); 237 } 238 processing->tee_hash_algo = hash_algo; 239 } 240 241 res = TEE_AllocateOperation(&processing->tee_op_handle, 242 algo, mode, size); 243 if (res) 244 EMSG("TEE_AllocateOp. failed %#"PRIx32" %#"PRIx32" %#"PRIx32, 245 algo, mode, size); 246 247 if (res == TEE_ERROR_NOT_SUPPORTED) 248 return PKCS11_CKR_MECHANISM_INVALID; 249 250 if (res != TEE_SUCCESS && 251 processing->tee_hash_op_handle != TEE_HANDLE_NULL) { 252 TEE_FreeOperation(session->processing->tee_hash_op_handle); 253 processing->tee_hash_op_handle = TEE_HANDLE_NULL; 254 processing->tee_hash_algo = 0; 255 } 256 257 return tee2pkcs_error(res); 258 } 259 260 static enum pkcs11_rc load_tee_key(struct pkcs11_session *session, 261 struct pkcs11_object *obj, 262 enum processing_func function) 263 { 264 TEE_Attribute *tee_attrs = NULL; 265 size_t tee_attrs_count = 0; 266 size_t object_size = 0; 267 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 268 TEE_Result res = TEE_ERROR_GENERIC; 269 enum pkcs11_class_id __maybe_unused class = get_class(obj->attributes); 270 enum pkcs11_key_type type = get_key_type(obj->attributes); 271 272 assert(class == PKCS11_CKO_PUBLIC_KEY || 273 class == PKCS11_CKO_PRIVATE_KEY); 274 275 if (obj->key_handle != TEE_HANDLE_NULL) { 276 switch (type) { 277 case PKCS11_CKK_RSA: 278 /* RSA loaded keys can be reused */ 279 assert((obj->key_type == TEE_TYPE_RSA_PUBLIC_KEY && 280 class == PKCS11_CKO_PUBLIC_KEY) || 281 (obj->key_type == TEE_TYPE_RSA_KEYPAIR && 282 class == PKCS11_CKO_PRIVATE_KEY)); 283 goto key_ready; 284 case PKCS11_CKK_EC: 285 /* Reuse EC TEE key only if already DSA or DH */ 286 switch (obj->key_type) { 287 case TEE_TYPE_ECDSA_PUBLIC_KEY: 288 case TEE_TYPE_ECDSA_KEYPAIR: 289 if (function != PKCS11_FUNCTION_DERIVE) 290 goto key_ready; 291 break; 292 case TEE_TYPE_ECDH_PUBLIC_KEY: 293 case TEE_TYPE_ECDH_KEYPAIR: 294 if (function == PKCS11_FUNCTION_DERIVE) 295 goto key_ready; 296 break; 297 default: 298 assert(0); 299 break; 300 } 301 break; 302 default: 303 assert(0); 304 break; 305 } 306 307 TEE_CloseObject(obj->key_handle); 308 obj->key_handle = TEE_HANDLE_NULL; 309 } 310 311 rc = pkcs2tee_key_type(&obj->key_type, obj, function); 312 if (rc) 313 return rc; 314 315 object_size = get_object_key_bit_size(obj); 316 if (!object_size) 317 return PKCS11_CKR_GENERAL_ERROR; 318 319 switch (type) { 320 case PKCS11_CKK_RSA: 321 rc = load_tee_rsa_key_attrs(&tee_attrs, &tee_attrs_count, obj); 322 break; 323 case PKCS11_CKK_EC: 324 rc = load_tee_ec_key_attrs(&tee_attrs, &tee_attrs_count, obj); 325 break; 326 case PKCS11_CKK_EC_EDWARDS: 327 rc = load_tee_eddsa_key_attrs(&tee_attrs, &tee_attrs_count, 328 obj); 329 break; 330 default: 331 break; 332 } 333 if (rc) 334 return rc; 335 336 res = TEE_AllocateTransientObject(obj->key_type, object_size, 337 &obj->key_handle); 338 if (res) { 339 DMSG("TEE_AllocateTransientObject failed, %#"PRIx32, res); 340 341 return tee2pkcs_error(res); 342 } 343 344 res = TEE_PopulateTransientObject(obj->key_handle, 345 tee_attrs, tee_attrs_count); 346 347 TEE_Free(tee_attrs); 348 349 if (res) { 350 DMSG("TEE_PopulateTransientObject failed, %#"PRIx32, res); 351 352 goto error; 353 } 354 355 key_ready: 356 res = TEE_SetOperationKey(session->processing->tee_op_handle, 357 obj->key_handle); 358 if (res) { 359 DMSG("TEE_SetOperationKey failed, %#"PRIx32, res); 360 361 goto error; 362 } 363 364 return PKCS11_CKR_OK; 365 366 error: 367 TEE_FreeTransientObject(obj->key_handle); 368 obj->key_handle = TEE_HANDLE_NULL; 369 return tee2pkcs_error(res); 370 } 371 372 static enum pkcs11_rc 373 init_tee_operation(struct pkcs11_session *session, 374 struct pkcs11_attribute_head *proc_params, 375 struct pkcs11_object *obj) 376 { 377 enum pkcs11_rc rc = PKCS11_CKR_OK; 378 struct active_processing *proc = session->processing; 379 380 switch (proc_params->id) { 381 case PKCS11_CKM_RSA_PKCS_PSS: 382 case PKCS11_CKM_SHA1_RSA_PKCS_PSS: 383 case PKCS11_CKM_SHA224_RSA_PKCS_PSS: 384 case PKCS11_CKM_SHA256_RSA_PKCS_PSS: 385 case PKCS11_CKM_SHA384_RSA_PKCS_PSS: 386 case PKCS11_CKM_SHA512_RSA_PKCS_PSS: 387 rc = pkcs2tee_proc_params_rsa_pss(proc, proc_params); 388 if (rc) 389 break; 390 391 rc = pkcs2tee_validate_rsa_pss(proc, obj); 392 break; 393 case PKCS11_CKM_RSA_PKCS_OAEP: 394 rc = pkcs2tee_proc_params_rsa_oaep(proc, proc_params); 395 break; 396 case PKCS11_CKM_EDDSA: 397 rc = pkcs2tee_proc_params_eddsa(proc, proc_params); 398 break; 399 default: 400 break; 401 } 402 403 return rc; 404 } 405 406 enum pkcs11_rc init_asymm_operation(struct pkcs11_session *session, 407 enum processing_func function, 408 struct pkcs11_attribute_head *proc_params, 409 struct pkcs11_object *obj) 410 { 411 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 412 413 assert(processing_is_tee_asymm(proc_params->id)); 414 415 rc = allocate_tee_operation(session, function, proc_params, obj); 416 if (rc) 417 return rc; 418 419 rc = load_tee_key(session, obj, function); 420 if (rc) 421 return rc; 422 423 return init_tee_operation(session, proc_params, obj); 424 } 425 426 /* 427 * step_sym_step - step (update/oneshot/final) on a symmetric crypto operation 428 * 429 * @session - current session 430 * @function - processing function (encrypt, decrypt, sign, ...) 431 * @step - step ID in the processing (oneshot, update, final) 432 * @ptypes - invocation parameter types 433 * @params - invocation parameter references 434 */ 435 enum pkcs11_rc step_asymm_operation(struct pkcs11_session *session, 436 enum processing_func function, 437 enum processing_step step, 438 uint32_t ptypes, TEE_Param *params) 439 { 440 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 441 TEE_Result res = TEE_ERROR_GENERIC; 442 void *in_buf = NULL; 443 void *in2_buf = NULL; 444 void *out_buf = NULL; 445 void *hash_buf = NULL; 446 uint32_t in_size = 0; 447 uint32_t in2_size = 0; 448 uint32_t out_size = 0; 449 uint32_t hash_size = 0; 450 TEE_Attribute *tee_attrs = NULL; 451 size_t tee_attrs_count = 0; 452 bool output_data = false; 453 struct active_processing *proc = session->processing; 454 struct rsa_oaep_processing_ctx *rsa_oaep_ctx = NULL; 455 struct rsa_pss_processing_ctx *rsa_pss_ctx = NULL; 456 struct eddsa_processing_ctx *eddsa_ctx = NULL; 457 size_t sz = 0; 458 459 if (TEE_PARAM_TYPE_GET(ptypes, 1) == TEE_PARAM_TYPE_MEMREF_INPUT) { 460 in_buf = params[1].memref.buffer; 461 in_size = params[1].memref.size; 462 if (in_size && !in_buf) 463 return PKCS11_CKR_ARGUMENTS_BAD; 464 } 465 if (TEE_PARAM_TYPE_GET(ptypes, 2) == TEE_PARAM_TYPE_MEMREF_INPUT) { 466 in2_buf = params[2].memref.buffer; 467 in2_size = params[2].memref.size; 468 if (in2_size && !in2_buf) 469 return PKCS11_CKR_ARGUMENTS_BAD; 470 } 471 if (TEE_PARAM_TYPE_GET(ptypes, 2) == TEE_PARAM_TYPE_MEMREF_OUTPUT) { 472 out_buf = params[2].memref.buffer; 473 out_size = params[2].memref.size; 474 if (out_size && !out_buf) 475 return PKCS11_CKR_ARGUMENTS_BAD; 476 } 477 if (TEE_PARAM_TYPE_GET(ptypes, 3) != TEE_PARAM_TYPE_NONE) 478 return PKCS11_CKR_ARGUMENTS_BAD; 479 480 switch (step) { 481 case PKCS11_FUNC_STEP_ONESHOT: 482 case PKCS11_FUNC_STEP_UPDATE: 483 case PKCS11_FUNC_STEP_FINAL: 484 break; 485 default: 486 return PKCS11_CKR_GENERAL_ERROR; 487 } 488 489 /* TEE attribute(s) required by the operation */ 490 switch (proc->mecha_type) { 491 case PKCS11_CKM_RSA_PKCS_PSS: 492 case PKCS11_CKM_SHA1_RSA_PKCS_PSS: 493 case PKCS11_CKM_SHA224_RSA_PKCS_PSS: 494 case PKCS11_CKM_SHA256_RSA_PKCS_PSS: 495 case PKCS11_CKM_SHA384_RSA_PKCS_PSS: 496 case PKCS11_CKM_SHA512_RSA_PKCS_PSS: 497 tee_attrs = TEE_Malloc(sizeof(TEE_Attribute), 498 TEE_USER_MEM_HINT_NO_FILL_ZERO); 499 if (!tee_attrs) { 500 rc = PKCS11_CKR_DEVICE_MEMORY; 501 goto out; 502 } 503 504 rsa_pss_ctx = proc->extra_ctx; 505 506 TEE_InitValueAttribute(&tee_attrs[tee_attrs_count], 507 TEE_ATTR_RSA_PSS_SALT_LENGTH, 508 rsa_pss_ctx->salt_len, 0); 509 tee_attrs_count++; 510 break; 511 case PKCS11_CKM_EDDSA: 512 eddsa_ctx = proc->extra_ctx; 513 514 tee_attrs = TEE_Malloc(2 * sizeof(TEE_Attribute), 515 TEE_USER_MEM_HINT_NO_FILL_ZERO); 516 if (!tee_attrs) { 517 rc = PKCS11_CKR_DEVICE_MEMORY; 518 goto out; 519 } 520 521 if (eddsa_ctx->flag) { 522 TEE_InitValueAttribute(&tee_attrs[tee_attrs_count], 523 TEE_ATTR_EDDSA_PREHASH, 0, 0); 524 tee_attrs_count++; 525 } 526 527 if (eddsa_ctx->ctx_len > 0) { 528 TEE_InitRefAttribute(&tee_attrs[tee_attrs_count], 529 TEE_ATTR_EDDSA_CTX, eddsa_ctx->ctx, 530 eddsa_ctx->ctx_len); 531 tee_attrs_count++; 532 } 533 break; 534 case PKCS11_CKM_RSA_PKCS_OAEP: 535 rsa_oaep_ctx = proc->extra_ctx; 536 537 if (!rsa_oaep_ctx->source_data_len) 538 break; 539 540 tee_attrs = TEE_Malloc(sizeof(TEE_Attribute), 541 TEE_USER_MEM_HINT_NO_FILL_ZERO); 542 if (!tee_attrs) { 543 rc = PKCS11_CKR_DEVICE_MEMORY; 544 goto out; 545 } 546 547 TEE_InitRefAttribute(&tee_attrs[tee_attrs_count], 548 TEE_ATTR_RSA_OAEP_LABEL, 549 rsa_oaep_ctx->source_data, 550 rsa_oaep_ctx->source_data_len); 551 tee_attrs_count++; 552 break; 553 default: 554 break; 555 } 556 557 /* 558 * Handle multi stage update step for mechas needing hash 559 * calculation 560 */ 561 if (step == PKCS11_FUNC_STEP_UPDATE) { 562 switch (proc->mecha_type) { 563 case PKCS11_CKM_ECDSA_SHA1: 564 case PKCS11_CKM_ECDSA_SHA224: 565 case PKCS11_CKM_ECDSA_SHA256: 566 case PKCS11_CKM_ECDSA_SHA384: 567 case PKCS11_CKM_ECDSA_SHA512: 568 case PKCS11_CKM_MD5_RSA_PKCS: 569 case PKCS11_CKM_SHA1_RSA_PKCS: 570 case PKCS11_CKM_SHA224_RSA_PKCS: 571 case PKCS11_CKM_SHA256_RSA_PKCS: 572 case PKCS11_CKM_SHA384_RSA_PKCS: 573 case PKCS11_CKM_SHA512_RSA_PKCS: 574 case PKCS11_CKM_SHA1_RSA_PKCS_PSS: 575 case PKCS11_CKM_SHA224_RSA_PKCS_PSS: 576 case PKCS11_CKM_SHA256_RSA_PKCS_PSS: 577 case PKCS11_CKM_SHA384_RSA_PKCS_PSS: 578 case PKCS11_CKM_SHA512_RSA_PKCS_PSS: 579 assert(proc->tee_hash_op_handle != TEE_HANDLE_NULL); 580 581 TEE_DigestUpdate(proc->tee_hash_op_handle, in_buf, 582 in_size); 583 rc = PKCS11_CKR_OK; 584 break; 585 default: 586 /* 587 * Other mechanism do not expect multi stage 588 * operation 589 */ 590 rc = PKCS11_CKR_GENERAL_ERROR; 591 break; 592 } 593 594 goto out; 595 } 596 597 /* 598 * Handle multi stage one shot and final steps for mechas needing hash 599 * calculation 600 */ 601 switch (proc->mecha_type) { 602 case PKCS11_CKM_ECDSA_SHA1: 603 case PKCS11_CKM_ECDSA_SHA224: 604 case PKCS11_CKM_ECDSA_SHA256: 605 case PKCS11_CKM_ECDSA_SHA384: 606 case PKCS11_CKM_ECDSA_SHA512: 607 case PKCS11_CKM_MD5_RSA_PKCS: 608 case PKCS11_CKM_SHA1_RSA_PKCS: 609 case PKCS11_CKM_SHA224_RSA_PKCS: 610 case PKCS11_CKM_SHA256_RSA_PKCS: 611 case PKCS11_CKM_SHA384_RSA_PKCS: 612 case PKCS11_CKM_SHA512_RSA_PKCS: 613 case PKCS11_CKM_SHA1_RSA_PKCS_PSS: 614 case PKCS11_CKM_SHA224_RSA_PKCS_PSS: 615 case PKCS11_CKM_SHA256_RSA_PKCS_PSS: 616 case PKCS11_CKM_SHA384_RSA_PKCS_PSS: 617 case PKCS11_CKM_SHA512_RSA_PKCS_PSS: 618 assert(proc->tee_hash_op_handle != TEE_HANDLE_NULL); 619 620 hash_size = TEE_ALG_GET_DIGEST_SIZE(proc->tee_hash_algo); 621 hash_buf = TEE_Malloc(hash_size, 0); 622 if (!hash_buf) 623 return PKCS11_CKR_DEVICE_MEMORY; 624 625 res = TEE_DigestDoFinal(proc->tee_hash_op_handle, 626 in_buf, in_size, hash_buf, 627 &hash_size); 628 629 rc = tee2pkcs_error(res); 630 if (rc != PKCS11_CKR_OK) 631 goto out; 632 633 break; 634 default: 635 break; 636 } 637 638 /* 639 * Finalize either provided hash or calculated hash with signing 640 * operation 641 */ 642 643 /* First determine amount of bytes for signing operation */ 644 switch (proc->mecha_type) { 645 case PKCS11_CKM_ECDSA: 646 sz = ecdsa_get_input_max_byte_size(proc->tee_op_handle); 647 if (!in_size || !sz) { 648 rc = PKCS11_CKR_FUNCTION_FAILED; 649 goto out; 650 } 651 652 /* 653 * Note 3) Input the entire raw digest. Internally, this will 654 * be truncated to the appropriate number of bits. 655 */ 656 if (in_size > sz) 657 in_size = sz; 658 659 if (function == PKCS11_FUNCTION_VERIFY && in2_size != 2 * sz) { 660 rc = PKCS11_CKR_SIGNATURE_LEN_RANGE; 661 goto out; 662 } 663 break; 664 case PKCS11_CKM_ECDSA_SHA1: 665 case PKCS11_CKM_ECDSA_SHA224: 666 case PKCS11_CKM_ECDSA_SHA256: 667 case PKCS11_CKM_ECDSA_SHA384: 668 case PKCS11_CKM_ECDSA_SHA512: 669 /* Get key size in bytes */ 670 sz = ecdsa_get_input_max_byte_size(proc->tee_op_handle); 671 if (!sz) { 672 rc = PKCS11_CKR_FUNCTION_FAILED; 673 goto out; 674 } 675 676 if (function == PKCS11_FUNCTION_VERIFY && 677 in2_size != 2 * sz) { 678 rc = PKCS11_CKR_SIGNATURE_LEN_RANGE; 679 goto out; 680 } 681 break; 682 case PKCS11_CKM_RSA_PKCS: 683 case PKCS11_CKM_MD5_RSA_PKCS: 684 case PKCS11_CKM_SHA1_RSA_PKCS: 685 case PKCS11_CKM_SHA224_RSA_PKCS: 686 case PKCS11_CKM_SHA256_RSA_PKCS: 687 case PKCS11_CKM_SHA384_RSA_PKCS: 688 case PKCS11_CKM_SHA512_RSA_PKCS: 689 case PKCS11_CKM_RSA_PKCS_PSS: 690 case PKCS11_CKM_SHA1_RSA_PKCS_PSS: 691 case PKCS11_CKM_SHA224_RSA_PKCS_PSS: 692 case PKCS11_CKM_SHA256_RSA_PKCS_PSS: 693 case PKCS11_CKM_SHA384_RSA_PKCS_PSS: 694 case PKCS11_CKM_SHA512_RSA_PKCS_PSS: 695 /* Get key size in bytes */ 696 sz = rsa_get_input_max_byte_size(proc->tee_op_handle); 697 if (!sz) { 698 rc = PKCS11_CKR_FUNCTION_FAILED; 699 goto out; 700 } 701 702 if (function == PKCS11_FUNCTION_VERIFY && in2_size != sz) { 703 rc = PKCS11_CKR_SIGNATURE_LEN_RANGE; 704 goto out; 705 } 706 break; 707 default: 708 break; 709 } 710 711 /* Next perform actual signing operation */ 712 switch (proc->mecha_type) { 713 case PKCS11_CKM_ECDSA: 714 case PKCS11_CKM_EDDSA: 715 case PKCS11_CKM_RSA_PKCS: 716 case PKCS11_CKM_RSA_PKCS_OAEP: 717 case PKCS11_CKM_RSA_PKCS_PSS: 718 /* For operations using provided input data */ 719 switch (function) { 720 case PKCS11_FUNCTION_ENCRYPT: 721 res = TEE_AsymmetricEncrypt(proc->tee_op_handle, 722 tee_attrs, tee_attrs_count, 723 in_buf, in_size, 724 out_buf, &out_size); 725 output_data = true; 726 rc = tee2pkcs_error(res); 727 if (rc == PKCS11_CKR_ARGUMENTS_BAD) 728 rc = PKCS11_CKR_DATA_LEN_RANGE; 729 break; 730 731 case PKCS11_FUNCTION_DECRYPT: 732 res = TEE_AsymmetricDecrypt(proc->tee_op_handle, 733 tee_attrs, tee_attrs_count, 734 in_buf, in_size, 735 out_buf, &out_size); 736 output_data = true; 737 rc = tee2pkcs_error(res); 738 if (rc == PKCS11_CKR_ARGUMENTS_BAD) 739 rc = PKCS11_CKR_ENCRYPTED_DATA_LEN_RANGE; 740 break; 741 742 case PKCS11_FUNCTION_SIGN: 743 res = TEE_AsymmetricSignDigest(proc->tee_op_handle, 744 tee_attrs, 745 tee_attrs_count, 746 in_buf, in_size, 747 out_buf, &out_size); 748 output_data = true; 749 rc = tee2pkcs_error(res); 750 break; 751 752 case PKCS11_FUNCTION_VERIFY: 753 res = TEE_AsymmetricVerifyDigest(proc->tee_op_handle, 754 tee_attrs, 755 tee_attrs_count, 756 in_buf, in_size, 757 in2_buf, in2_size); 758 rc = tee2pkcs_error(res); 759 break; 760 761 default: 762 TEE_Panic(function); 763 break; 764 } 765 break; 766 case PKCS11_CKM_ECDSA_SHA1: 767 case PKCS11_CKM_ECDSA_SHA224: 768 case PKCS11_CKM_ECDSA_SHA256: 769 case PKCS11_CKM_ECDSA_SHA384: 770 case PKCS11_CKM_ECDSA_SHA512: 771 case PKCS11_CKM_MD5_RSA_PKCS: 772 case PKCS11_CKM_SHA1_RSA_PKCS: 773 case PKCS11_CKM_SHA224_RSA_PKCS: 774 case PKCS11_CKM_SHA256_RSA_PKCS: 775 case PKCS11_CKM_SHA384_RSA_PKCS: 776 case PKCS11_CKM_SHA512_RSA_PKCS: 777 case PKCS11_CKM_SHA1_RSA_PKCS_PSS: 778 case PKCS11_CKM_SHA224_RSA_PKCS_PSS: 779 case PKCS11_CKM_SHA256_RSA_PKCS_PSS: 780 case PKCS11_CKM_SHA384_RSA_PKCS_PSS: 781 case PKCS11_CKM_SHA512_RSA_PKCS_PSS: 782 /* For operations having hash operation use calculated hash */ 783 switch (function) { 784 case PKCS11_FUNCTION_SIGN: 785 res = TEE_AsymmetricSignDigest(proc->tee_op_handle, 786 tee_attrs, 787 tee_attrs_count, 788 hash_buf, hash_size, 789 out_buf, &out_size); 790 output_data = true; 791 rc = tee2pkcs_error(res); 792 break; 793 794 case PKCS11_FUNCTION_VERIFY: 795 res = TEE_AsymmetricVerifyDigest(proc->tee_op_handle, 796 tee_attrs, 797 tee_attrs_count, 798 hash_buf, hash_size, 799 in2_buf, in2_size); 800 rc = tee2pkcs_error(res); 801 break; 802 803 default: 804 TEE_Panic(function); 805 break; 806 } 807 break; 808 default: 809 TEE_Panic(proc->mecha_type); 810 break; 811 } 812 813 out: 814 if (output_data && 815 (rc == PKCS11_CKR_OK || rc == PKCS11_CKR_BUFFER_TOO_SMALL)) { 816 switch (TEE_PARAM_TYPE_GET(ptypes, 2)) { 817 case TEE_PARAM_TYPE_MEMREF_OUTPUT: 818 case TEE_PARAM_TYPE_MEMREF_INOUT: 819 params[2].memref.size = out_size; 820 break; 821 default: 822 rc = PKCS11_CKR_GENERAL_ERROR; 823 break; 824 } 825 } 826 827 TEE_Free(hash_buf); 828 TEE_Free(tee_attrs); 829 830 return rc; 831 } 832 833 enum pkcs11_rc do_asymm_derivation(struct pkcs11_session *session, 834 struct pkcs11_attribute_head *proc_params, 835 struct obj_attrs **head) 836 { 837 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 838 TEE_ObjectHandle out_handle = TEE_HANDLE_NULL; 839 TEE_Result res = TEE_ERROR_GENERIC; 840 TEE_Attribute tee_attrs[2] = { }; 841 size_t tee_attrs_count = 0; 842 uint32_t key_byte_size = 0; 843 uint32_t key_bit_size = 0; 844 void *a_ptr = NULL; 845 size_t a_size = 0; 846 847 /* Remove default attribute set at template sanitization */ 848 if (remove_empty_attribute(head, PKCS11_CKA_VALUE)) 849 return PKCS11_CKR_FUNCTION_FAILED; 850 851 rc = get_u32_attribute(*head, PKCS11_CKA_VALUE_LEN, &key_bit_size); 852 if (rc) 853 return rc; 854 855 key_bit_size *= 8; 856 key_byte_size = (key_bit_size + 7) / 8; 857 858 res = TEE_AllocateTransientObject(TEE_TYPE_GENERIC_SECRET, 859 key_byte_size * 8, &out_handle); 860 if (res) { 861 DMSG("TEE_AllocateTransientObject failed, %#"PRIx32, res); 862 return tee2pkcs_error(res); 863 } 864 865 switch (proc_params->id) { 866 case PKCS11_CKM_ECDH1_DERIVE: 867 rc = pkcs2tee_param_ecdh(proc_params, &a_ptr, &a_size); 868 if (rc) 869 goto out; 870 871 TEE_InitRefAttribute(&tee_attrs[tee_attrs_count], 872 TEE_ATTR_ECC_PUBLIC_VALUE_X, 873 a_ptr, a_size / 2); 874 tee_attrs_count++; 875 TEE_InitRefAttribute(&tee_attrs[tee_attrs_count], 876 TEE_ATTR_ECC_PUBLIC_VALUE_Y, 877 (char *)a_ptr + a_size / 2, 878 a_size / 2); 879 tee_attrs_count++; 880 break; 881 default: 882 TEE_Panic(proc_params->id); 883 break; 884 } 885 886 TEE_DeriveKey(session->processing->tee_op_handle, &tee_attrs[0], 887 tee_attrs_count, out_handle); 888 889 rc = alloc_get_tee_attribute_data(out_handle, TEE_ATTR_SECRET_VALUE, 890 &a_ptr, &a_size); 891 if (rc) 892 goto out; 893 894 if (a_size * 8 < key_bit_size) 895 rc = PKCS11_CKR_KEY_SIZE_RANGE; 896 else 897 rc = add_attribute(head, PKCS11_CKA_VALUE, a_ptr, 898 key_byte_size); 899 TEE_Free(a_ptr); 900 out: 901 release_active_processing(session); 902 TEE_FreeTransientObject(out_handle); 903 904 return rc; 905 } 906